====================================================================
                            CERT-Renater

                Information Note No. 2020/VULN701
_____________________________________________________________________

DATE                : 22/12/2020

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running Wireshark versions prior to
                     3.4.2, 3.2.9.

=====================================================================
https://www.wireshark.org/security/wnpa-sec-2020-20.html
https://www.wireshark.org/security/wnpa-sec-2020-16.html
https://www.wireshark.org/security/wnpa-sec-2020-17.html
https://www.wireshark.org/security/wnpa-sec-2020-18.html
https://www.wireshark.org/security/wnpa-sec-2020-19.html
_____________________________________________________________________

wnpa-sec-2020-20 · QUIC dissector crash

Summary

Name: QUIC dissector crash
Docid: wnpa-sec-2020-20
Date: December 18, 2020
Affected versions: 3.4.0 to 3.4.1
Fixed versions: 3.4.2
References:
Wireshark bug 17073
CVE-2020-26422

Details

Description

The QUIC dissector could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 3.4.2 or later.

_____________________________________________________________________

wnpa-sec-2020-16 · Kafka dissector memory leak

Summary

Name: Kafka dissector memory leak
Docid: wnpa-sec-2020-16
Date: December 9, 2020
Affected versions: 3.4.0, 3.2.0 to 3.2.8
Fixed versions: 3.4.1, 3.2.9
References:
Wireshark bug 16739
CVE-2020-26418

Details

Description

The Kafka dissector could leak memory.

Impact

It may be possible to make Wireshark consume excessive CPU resources
by injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 3.4.1, 3.2.9 or later.
_____________________________________________________________________

wnpa-sec-2020-17 · USB HID dissector crash

Summary

Name: USB HID dissector crash
Docid: wnpa-sec-2020-17
Date: December 9, 2020
Affected versions: 3.4.0, 3.2.0 to 3.2.8
Fixed versions: 3.4.1, 3.2.9
References:
Wireshark bug 16958
CVE-2020-26421

Details

Description

The USB HID dissector and possibly other dissectors could crash.

Impact

It may be possible to make Wireshark crash by injecting a malformed
packet onto the wire or by convincing someone to read a malformed
packet trace file.

Resolution

Upgrade to Wireshark 3.4.1, 3.2.9 or later.

_____________________________________________________________________

wnpa-sec-2020-18 · RTPS dissector memory leak

Summary

Name: RTPS dissector memory leak
Docid: wnpa-sec-2020-18
Date: December 9, 2020
Affected versions: 3.4.0, 3.2.0 to 3.2.8
Fixed versions: 3.4.1, 3.2.9
References:
Wireshark bug 16994
CVE-2020-26420

Details

Description

The RTPS dissector could leak memory.

Impact

It may be possible to make Wireshark consume excessive CPU resources
by injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 3.4.1, 3.2.9 or later.

_____________________________________________________________________

wnpa-sec-2020-19 · Multiple dissector memory leak

Summary

Name: Multiple dissector memory leak
Docid: wnpa-sec-2020-19
Date: December 9, 2020
Affected versions: 3.4.0
Fixed versions: 3.4.1
References:
Wireshark bug 17032
CVE-2020-26419

Details

Description

Multiple dissectors could leak memory.

Impact

It may be possible to make Wireshark consume excessive CPU resources
by injecting a malformed packet onto the wire or by convincing someone
to read a malformed packet trace file.

Resolution

Upgrade to Wireshark 3.4.1 or later.

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================